    So, iTunes is officially done with me!  They are not refunding my store credit since I was hacked in December and they refunded the $17 then - it's a one-time courtesy apparently, so be careful!  Bummer that this hacking was for much more money!!  Anyway, when I asked what the resolution of my investigation was I was told that "For my protection" they could not elaborate on the findings - my guess is there was no investigation and there were no findings.  I almost choked on the "For my protection".  As if protecting me was a priority!!  Laughable!  The "person" suggested that I speak to my attorney.  They could speak to Apple Litigation and subpoena my account activity.  No need to do that!  I know what I have authorized purchases for - I keep ALL of the receipts - including the email notification of my unauthorized purchases.  I was again referred to the "safe practices" information ... a lot of good that did me!  I have changed our password several times since December and my account is still vulnerable.  Until I can find another way to legally download songs and load them onto an MP3 player, I will change my password weekly.  I hope that my songs in my iTunes library will be able to be added to another device, but I doubt it.  If anyone knows how to download songs other than from iTunes that is legal and can go into my library I would love to know.  I am done with iTunes after this - I feel bad for my son who LOVES to download songs. 

    I am in the same club as you. 


    My use of iTunes is coming to an end because I don't have confidence that anything is being done to resolve the security problem.  The word is spreading too.


    And that is a shame that Apple won't be more forthcoming about this.

    Same problem, same date, but for 2 x 11.99 sets of poker chips. Anyone got a reply from Apple yet? Appears to me that Apple got hacked, not us.

    Took days and days but yes, I got help from Apple and my $$ back.


    I do think they have an internal problem but there is also a wicked piece of Mac malware getting press these days so it wouldn't hurt to do a virus scan on your machines as well as getting on Apple to fix your accounts/return the money.

    Yep, I eventually got a reply after about a week, plus a refund, and a bonus speech :


    -  that this would be the "one time",

    -  that this problem was MY fault, not Apple's, 

    -  if it "was" their fault, it would still be my fault because the Agreement states that all account activity is the responsibility of the account 'holder', not the account 'provider', including theft, which is a nice escape clause and a legal excuse not to be responsible.


    So, that means that if a hacker downloaded $20 bucks worth of poker chips, it would be MY fault, even though Apple's security "might" have a hole, which it does.


    Unfortunately, I too have been duped for nearly all of my account balance. I had £45.00GBP, and now I have £0.26GBP. The whole lot was squandered on "Order and Chaos" in-game purchases, which I have no interest in whatsoever. I will refuse to take any blame here, because my very complex password has remained private for over 5 years - I've not told a soul, I don't have any key-loggers, and I'm certainly not stupid enough to get phished. I have top-notch software and hardware internet security, and I am a budding Computer Scientist.


    If I get fobbed-off in any way trying to say that it's my fault, I'm going to go to Trading Standards UK, and I'm going to submit a story to Watchdog. I'm amazed Watchdog haven't already commented on this kind of story.

    I am in the same position as Alteran. My password is secure. I am very careful about my online practices and I even run Sophos Antivirus on my Mac. HOWEVER, Alteran, I just realized one vulnerability that many of us may have overlooked. My Apple ID and password were, indeed, secure and difficult to hack, but I used the same email address and password for several other Internet sites. Did you do the same? With the recent flurry of massive database thefts (e.g. Sony, Epsilon) we were told that the "only" information that was compromised was email addresses and passwords for various banking, shopping and travel sites.


    A sophisticated hacker could easily take "just" the emails and their passwords and start writing routines to try those same passwords on many different sites.


    I'm not an apologist for Apple (although to their credit they refunded my $32) but I'm trying to think like a hacker so it doesn't happen again!


    I still have no explanation as to how these thieves are converting their game credit purchases into cash. (My thief purchased poker chips at Has anyone pursued that question?

    Well, the only way I can see such a scam benefitting anyone would be the app publishers themselves - as they're the ones who see 70% of the cash in these transactions. However, I don't quite see how or why a company such as Gameloft would participate in such a shady business.


    While I might tend to use the same few passwords over a range of different sites, I made it a habit not to use the same password for my email address as every other site - meaning if you had my email and password from one site, then it would be useless on most others. I have also not been a user of other services that have been reportedly compromised according to the news and media. It's been a pretty bad year so far. Sony and LastPass have already been victimised and they obviously won't be the last.


    Phishing, Keylogging, Bruteforcing and other shenanigans have definitely been on the increase over the past year or so. Steam account phishing, for example, became such a problem, that they included new per-computer access restrictions, preventing anyone from logging into an account without email verification confirming access from that computer, dubbed "Steam Guard". Apple really do need to start investing in heightened security provisions such as this. Anyone feel like sending Steve an email?

    I got done just now myself for the Texas Poker app and 1.5M in chips for $23.99 all up. It was also the first time I had used a gift card and had always used my credit card before. It seems that there may be something to do with the latest gift cards because all of the people who have posted so far seem to have been using gift cards. Possibly there is something already on the cards to make this happen or allow access.

    The credit that was stolen from me came from a Coinstar machine at the grocery store, not an Apple gift card.


    As I mentioned above, I strongly suspect that this is all related to the recent enormous hackings of Sony and Epsilon. A smart hacker figured out that a) Apple recently started forcing us to use email addresses for our Apple IDs, and b) people often use the same password for various sites when their login is that email address.


    So, they got the emails and passwords from either Sony or Epsilon and then simply wrote a program to start running through the millions of pairs they had stolen.


    Just my $.02-worth.   

    Isn't Coinstar the same as getting a gift card though? You still have to buy the credit and load it onto the account. I had loaded gift cards and also a voucher from the petrol station (not a gift card) and was done. I also don't have anything to do with Playstation or anywhere else so I think that is not what this is. It looks like it has nothing to do with credit card accounts, only loaded accounts, and it may have something more to do with Apple and their gift cards and vouchers and that's why they are not saying anything. Possible faulty codes?

    They still get their 30% also so why should they worry.

    Got a refund, but don't expect an instant reaction.

    Once reported to Apple it's taken about a week to get my account refunded and reactivated. It's not just Macs affected which does make me wonder what/who is behind this. I still suspect that the problem lies not with us.

    Just got hit yesterday also. I had downloaded the poker app via one of those free app a day programs. I never even opened it and it wiped out my giftcard balance yesterday which I had only put on this week. The only thing I did yesterday was select update all the app updates and I wonder if this somehow made multiple purchases. I do remember the updates prompting my password but I just got the iPad recently so I don't know if this is normal since I usually update when I do my daily sync.

    Yeah, this just got me today too. However I am a PC user, and I have not bought anything from the store in a long time. Luckily I took my CC# out of my account months ago when the first iPads came out and Apple got querystring hacked, which by the way was friggin priceless.

    At any rate, thank you for helping me decide once and for all that I need to smash my iPhone into little pieces and go find a good Droid phone. I'll be sure to record it for posterity and upload it to YouTube!

